Commit acc58ecb authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

gnutls: require GnuTLS 3.3.0+ for thread safety

parent c0e59dec
......@@ -4062,7 +4062,7 @@ dnl
AC_ARG_ENABLE(gnutls,
[ --enable-gnutls GNU TLS TLS/SSL support (default enabled)])
AS_IF([test "${enable_gnutls}" != "no"], [
PKG_CHECK_MODULES(GNUTLS, [gnutls >= 3.2.0], [
PKG_CHECK_MODULES(GNUTLS, [gnutls >= 3.3.0], [
VLC_ADD_PLUGIN([gnutls])
], [
AS_IF([test -n "${enable_gnutls}"], [
......
......@@ -8,7 +8,7 @@ ifndef HAVE_DARWIN_OS
PKGS += gnutls
endif
endif
ifeq ($(call need_pkg,"gnutls >= 3.2.0"),)
ifeq ($(call need_pkg,"gnutls >= 3.3.0"),)
PKGS_FOUND += gnutls
endif
......
......@@ -39,7 +39,6 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#if (GNUTLS_VERSION_NUMBER >= 0x030300)
static int gnutls_Init (vlc_object_t *obj)
{
const char *version = gnutls_check_version ("3.3.0");
......@@ -52,53 +51,6 @@ static int gnutls_Init (vlc_object_t *obj)
return 0;
}
# define gnutls_Deinit() (void)0
#else
#define GNUTLS_SEC_PARAM_MEDIUM GNUTLS_SEC_PARAM_NORMAL
static vlc_mutex_t gnutls_mutex = VLC_STATIC_MUTEX;
/**
* Initializes GnuTLS with proper locking.
* @return VLC_SUCCESS on success, a VLC error code otherwise.
*/
static int gnutls_Init (vlc_object_t *obj)
{
const char *version = gnutls_check_version ("3.1.11");
if (version == NULL)
{
msg_Err (obj, "unsupported GnuTLS version");
return -1;
}
msg_Dbg (obj, "using GnuTLS version %s", version);
if (gnutls_check_version ("3.3.0") == NULL)
{
int val;
vlc_mutex_lock (&gnutls_mutex);
val = gnutls_global_init ();
vlc_mutex_unlock (&gnutls_mutex);
if (val)
{
msg_Err (obj, "cannot initialize GnuTLS");
return -1;
}
}
return 0;
}
/**
* Deinitializes GnuTLS.
*/
static void gnutls_Deinit (void)
{
vlc_mutex_lock (&gnutls_mutex);
gnutls_global_deinit ();
vlc_mutex_unlock (&gnutls_mutex);
}
#endif
static int gnutls_Error(vlc_tls_t *tls, int val)
{
switch (val)
......@@ -575,7 +527,6 @@ static int OpenClient (vlc_tls_creds_t *crd)
{
msg_Err (crd, "cannot allocate credentials: %s",
gnutls_strerror (val));
gnutls_Deinit ();
return VLC_EGENERIC;
}
......@@ -601,7 +552,6 @@ static void CloseClient (vlc_tls_creds_t *crd)
gnutls_certificate_credentials_t x509 = crd->sys;
gnutls_certificate_free_credentials (x509);
gnutls_Deinit ();
}
#ifdef ENABLE_SOUT
......@@ -648,10 +598,7 @@ static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
vlc_tls_creds_sys_t *sys = malloc (sizeof (*sys));
if (unlikely(sys == NULL))
{
gnutls_Deinit ();
return VLC_ENOMEM;
}
/* Sets server's credentials */
val = gnutls_certificate_allocate_credentials (&sys->x509_cred);
......@@ -660,7 +607,6 @@ static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
msg_Err (crd, "cannot allocate credentials: %s",
gnutls_strerror (val));
free (sys);
gnutls_Deinit ();
return VLC_ENOMEM;
}
......@@ -732,7 +678,6 @@ static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
error:
gnutls_certificate_free_credentials (sys->x509_cred);
free (sys);
gnutls_Deinit ();
return VLC_EGENERIC;
}
......@@ -747,7 +692,6 @@ static void CloseServer (vlc_tls_creds_t *crd)
gnutls_certificate_free_credentials (sys->x509_cred);
gnutls_dh_params_deinit (sys->dh_params);
free (sys);
gnutls_Deinit ();
}
#endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment